0

I am trying to get the value from the checkbox selected in a form inserted into a database using php and sql. I have included the html and some php I am trying to get to work. The first bit of php works great. The second bit of php is one of many attempts to get the value of the checkbox from the form inserted into a database. Thank you for your help!

<?php

$sql = "INSERT into students set student_number = '{$_POST['student_number']}', 
first_name = '{$_POST['first_name']}', last_name = '{$_POST['last_name']}', degree = 
'{$_POST['degree']}'";
mysql_query($sql);

?>

<?php

$classes->bind_result($class);
$classes->execute();
$class = array();
while ($classes->fetch()) {
$class[] = $class;
}

?>
<div class="div1">COP1000:</div><input class="checkbox1" type="checkbox"     
value="COP1000" name="class[]" id="class[]" /><br />

<div class="div1">COP2800:</div><input class="checkbox1" type="checkbox" 
value="COP2800" name="class[]" id="class[]" /><br />

<div class="div1">CIS2910C:</div><input class="checkbox1" type="checkbox"    
value="CIS2910C" name="class[]" id="class[]" /><br />

<div class="div1"> COP2830:</div><input class="checkbox1" type="checkbox"  
value="COP2830" name="class[]" id="class[]" /><br /><br />
Improve this question
3
  • 2
    Oh no! SQL Injection! Commented Feb 21, 2012 at 11:22
  • @bazmegakapa is correct.. consider using the sprintf to build you query and use mysql_real_escape string.. you don't want SQL injection attacks : Commented Feb 21, 2012 at 11:24
  • $class[] = $class; doesn't make sense - you're building an array of empty arrays. Commented Feb 21, 2012 at 11:28

2 Answers 2

Reset to default
1

$_POST['class'] is an array.

You can insert these values into one field your database by (naturally) turn it into a string. The easiest way would be:

$str = implode(',', $_POST['class']);

which puts a comma (,) between your values. When you want to read all values you can use explode() like this:

$array = explode(',', $str);

If you wish to loop through every value and perform an update/action on every value, you should loop through the array:

foreach($_POST['class'] as $class) {
    // run code per class

    // example
    $sql = sprintf("INSERT INTO `table` (`class`) VALUES('%s')", mysql_real_escape_string($class));
}

Important (irrelevant) note: You should sanitize your input before inserting it into your database. If not, users can extend your SQL query and basically can do anything with your database. For more information, click bazmegakapa's link.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

irrelevant it's very much relevant
@Flukey It's not relevant to the question.
1

Every time you get any problem to know what contains some variable you can use var_dump()

So use

var_dump($_POST);

And you gonna get all you send via POST.

Now check the $_POST['class'] too, and go on until you get your answer.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.